The important line is $this->setState('roles', $record->roles);
It adds user roles to their session.
You can fetch the role of the current user with Yii::app()->user->getState('roles') or simply Yii::app()->user->roles.

Sidenote:
[CWebUser::checkAccess()] usually connects to the authorization system loaded in Yii.
Here we are replacing it with a simple system that just deals with roles instead of the hierarchical system defined by the derivatives of [CAuthManager]. See the official tutorial, [Role-Based Access Control](http://www.yiiframework.com/doc/guide/1.1/en/topics.auth#role-based-access-control) for details.

In your PHP code, use Yii::app()->user->checkAccess('admin') to check if the current user has the 'admin' role.
The call Yii::app()->user->checkAccess('staff') will return true if the user has the role "staff" or "admin".

In your controller, you can filter with accessRules() using the "roles" attribute of the rule.

A very common need is to allow users to update their own data but not anyone else's.
In this case, the user's role is meaningless without the context: the data that will be modified.

This is why [CWebUser::checkAccess()] has an optional "$params" parameter. Now suppose we want to check if a user has the right to update a Post record. We can write:

if (Yii::app()->user->checkAccess('normal', $post)) {

Of course WebUser::checkAccess() must be extended to use this "$params" parameter.
This will depend on your application's logic.
For instance, it could be as simple as granting access iff $post->userId == $this->id.
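
The ownership rule described above, as an added example that is not the article's own code: a WebUser::checkAccess() that matches roles exactly and, when a record is passed in $params, grants access only if its userId equals the current user's id. The CWebUser stand-in and the sample data at the bottom are assumptions, there only so the file runs without Yii.

```php
<?php
// Stand-in for Yii 1.1's CWebUser so this file runs without the framework
// (assumption: only id, setState() and getState() are needed here).
if (!class_exists('CWebUser')) {
    class CWebUser
    {
        public $id;
        protected $state = array();
        public function setState($key, $value) { $this->state[$key] = $value; }
        public function getState($key, $default = null) { return isset($this->state[$key]) ? $this->state[$key] : $default; }
    }
}

class WebUser extends CWebUser
{
    public function checkAccess($operation, $params = array(), $allowCaching = true)
    {
        if (empty($this->id)) {
            return false; // not identified => no rights
        }
        $role = $this->getState('roles');
        if ($role === 'admin') {
            return true; // admin has access to everything, as in the article
        }
        // Exact role match only, so 'user' can never match 'superuser'.
        $allowed = is_array($operation) ? $operation : array($operation);
        if (!in_array($role, $allowed, true)) {
            return false;
        }
        if ($params === array()) {
            return true; // no record passed: role-only check
        }
        // A record was passed: fail closed unless it is an object whose owner is us.
        // A null record (e.g. a failed lookup) is denied. IDs are compared as
        // strings because database columns often come back as strings.
        return is_object($params) && isset($params->userId)
            && (string) $params->userId === (string) $this->id;
    }
}

// Constructed sample data: user 7 with role 'normal' and two posts.
$user = new WebUser();
$user->id = 7;
$user->setState('roles', 'normal');
$own = (object) array('userId' => '7');
$other = (object) array('userId' => 8);
var_dump($user->checkAccess('normal', $own));   // own post
var_dump($user->checkAccess('normal', $other)); // someone else's post
var_dump($user->checkAccess('normal', null));   // record lookup failed
```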

Hi, thank you for a great text! I've been looking for an "as simple as possible" solution like that, to incorporate it into smaller projects that do not need a complex, "heavy" RBAC module. Thank you again.

I want to create access roles in a Yii application, but I have a problem and don't know where to assign roles in Yii. For example,
I have three department roles:
1. admin: admin has all access roles in our application
2. staff: staff has the same pages and an access role such as edit or update
3. user: user has access to all pages, for viewing only, in our application

These types of roles can be set in the controller, but I can justify where to write all access in Yii and how to set the access role.

You shouldn't use strstr() for the role check. If there are two roles named user and superuser then a check for user will always match superuser as well. Better to use array search or have an explicit delimiter...

```php
<?php
class WebUser extends CWebUser
{
    /**
     * Overrides a Yii method that is used for roles in controllers (accessRules).
     *
     * @param mixed $operation Name of the operation required (here, a role). Can be either string or an array of roles.
     * @param mixed $params (opt) Parameters for this operation, usually the object to access.
     * @return bool Permission granted?
     */
    public function checkAccess($operation, $params=array())
    {
        if (empty($this->id)) {
            // Not identified => no rights
            return false;
        }
        $role = $this->getState("roles"); // Get role of user
        if ($role === 'admin') {
            return true; // admin role has access to everything
        }
        if (is_array($operation)) {
            // Check if multiple roles are available
            return (array_search($role, $operation) !== false);
        }
        return ($operation === $role); // allow access if the operation request is the current user's role
    }
}
```